
Breaking Web Browsers' Trust

Is your SSL connection really secure?

The researchers say that they were able to successfully attack Internet Explorer 7 and 8, Firefox 2 and 3, Opera 9, and Chrome Beta and 1.

Chen's group uncovered a problem with the way Web browsers display information from Web pages when a secure communications link has been established. They found that most browsers will sometimes treat insecure data as if it's part of the secure protocol. This means that a Web proxy--a machine sitting in between the browser and a website--can issue commands that the browser interprets as coming from a secure website, even if they are not. "In reality, it's very difficult to make sure that you are using a trusted network," he says.

For example, when a browser requests access to a secure website, the proxy could return a fake error message that the browser displays as genuine. The browser could then be tricked into sending secure messages to both the legitimate server and the malicious proxy.
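The handling flaw described above, modelled next to a stricter handler, as an added example that is not part of the original post or the researchers' work. It assumes the browser asks the proxy for a tunnel with an HTTP CONNECT request; the class, function names and sample replies are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class TunnelDecision:
    tunnel_open: bool            # may the TLS handshake with the site begin?
    render_proxy_body: bool      # may bytes sent by the proxy be shown as a page?
    page_origin: Optional[str]   # origin that owns whatever is displayed

# Status line of the proxy's plaintext reply, e.g. b"HTTP/1.1 200 Connection established"
_STATUS_LINE = re.compile(rb"HTTP/\d\.\d (\d{3})(?: .*)?")

def parse_status(raw: bytes) -> int:
    """Return the status code of the proxy's reply, or 0 if it is malformed."""
    first_line = raw.split(b"\r\n", 1)[0]
    match = _STATUS_LINE.fullmatch(first_line)
    return int(match.group(1)) if match else 0

def legacy_handle_reply(target_origin: str, raw: bytes) -> TunnelDecision:
    """Behaviour the article describes: a proxy error page is displayed
    as if it belonged to the secure site the user asked for."""
    if 200 <= parse_status(raw) < 300:
        return TunnelDecision(True, False, target_origin)
    return TunnelDecision(False, True, target_origin)

def strict_handle_reply(target_origin: str, raw: bytes) -> TunnelDecision:
    """Stricter handling: nothing the proxy sends in plaintext is ever
    rendered, and a failed tunnel yields a page with no site origin."""
    if 200 <= parse_status(raw) < 300:
        # Tunnel is up: all further content must arrive inside TLS from the site.
        return TunnelDecision(True, False, target_origin)
    # Error, redirect or garbage: discard the body and show a browser-generated
    # error that has no access to the site's cookies or pages.
    return TunnelDecision(False, False, None)

# Constructed sample replies (not captured traffic).
SITE = "https://bank.example"
TUNNEL_OK = b"HTTP/1.1 200 Connection established\r\n\r\n"
PROXY_ERROR = (b"HTTP/1.1 502 Bad Gateway\r\nContent-Type: text/html\r\n\r\n"
               b"<html>constructed proxy error page</html>")

if __name__ == "__main__":
    for name, handler in (("legacy", legacy_handle_reply), ("strict", strict_handle_reply)):
        print(name, handler(SITE, PROXY_ERROR))
```

The difference between the two handlers is the `page_origin` given to a failed tunnel: the legacy model hands the proxy's page the secure site's origin, while the strict one gives it none.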